[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Help me understand tor with SSL?



On Dec 1, 2007 8:23 PM, Martin Fick <mogulguy@xxxxxxxxx> wrote:
> Hi,
>
> After reading the docs I am very confused about how
> tor/privoxy deals with https(SSL) connections.  It
> sounds like if I use SSL that I will be basically
> bypassing privoxy and therefor could leak personal
> info?  So what is the alternative if I want to access
> a web site that requires https for logging in
> anonymously?
>
> Also, what prevents tor users form being susceptible
> to simple attacks where an html page embeds an image
> that has an https url as its source effectively
> bypassing any privacy?
>
> -Martin
>
>
>
>       ____________________________________________________________________________________
> Be a better pen pal.
> Text or chat with friends inside Yahoo! Mail. See how.  http://overview.mail.yahoo.com/
>

Hello Martin,

What Privoxy will be unable to do is modify the contents of HTTPS
packets.  The packets will still be sent anonymously, so HTTPS
communications can be anonymous (and are preferred because exit nodes
can not steal information), just the ads and scripts will not be
filtered from them through Privoxy.  This filtering should still occur
at some level from your browse (Noscript, Ad blocking extensions,
etc).

Let me know if that clarifies things a bit,

Kasimir

-- 
Kasimir Gabert